OPNsense Forum
English Forums => Zenarmor (Sensei) => Topic started by: marcelmah on August 13, 2021, 03:38:18 pm
-
Hi,
I'm using Sensei (premium home edition) to protect my daughters from certain sites.
I also want them protected when they use their tablets on someone else's WiFi.
So I created WireGuard profiles for all devices.
WireGuard works fine, but no filtering happens...
I'm running OPNsense 21.1.9_1-amd64.
I read that it wasn't possible at first, but this was months ago and SV was funding netmap to get it to work.
I can and I have selected my wg0 interface as one of the protected interfaces.
Can this work now? If not, is it being developed? Can we track progress? If it's possible, what am I doing wrong?
-
Hi marcelmah,
Can you try with tcpdump when Sensei is active? If there is no packet with tcpdump as well, then put the Sensei Packet Engine into bypass mode (Status - Services - Packet Engine - Enter Bypass Mode) and run tcpdump again.
tcpdump -s0 -ni wg0 -vvv
-
> Hi marcelmah,
> Can you try with tcpdump when Sensei is active? If there is no packet with tcpdump as well, then put the Sensei Packet Engine into bypass mode (Status - Services - Packet Engine - Enter Bypass Mode) and run tcpdump again.
> tcpdump -s0 -ni wg0 -vvv
Hi, when I enter this command on my OPNsense shell it shows a lot of traffic.
No filtering happens though... When I'm connected on my LAN I can no longer visit the sites I've blocked.
-
Are you using a custom policy to filter, or the default one? In case of a custom policy, it might be necessary to add the wg0 interface there.
-
> Are you using a custom policy to filter, or the default one? In case of a custom policy, it might be necessary to add the wg0 interface there.
When I did the test I disabled the custom policy, so only the default one was active.
I disconnected my phone from WireGuard, disabled WiFi and enabled hotspot.
I used my laptop to test the blocked site (was blocked).
I then disconnected from my WiFi and connected to my mobile hotspot.
I could now browse the blocked website (this is as expected).
I then connected to one of my daughters' WireGuard profiles, but was still able to browse to the websites that should have been blocked. The profile was working, as I had my fixed line WAN IP address and I could browse local LAN devices.